One of the biggest differences between SCEP and its predecessor FEP is the way in which the clients are deployed. FEP clients were deployed using an SCCM 2007 software package and an advertisement. While the system of software packages and advertisements persists in SCCM 2012, it is not used at all to deploy SCEP clients.
Instead, Microsoft has bundled the SCEP client within the SCCM 2012 client. The SCCM client agent settings determine whether or not a client PC is running SCEP. Changing the Endpoint Protection settings in the options for Client Agents essentially amounts to flipping a switch that tells a targeted computer to go ahead and use the SCEP client it already has.
In previous versions of SCCM, it was possible to have one set of client agent settings; in SCCM 2012, you can now have multiple sets of client settings and limit them to a given collection. So rather than modifying the default client settings policy, and thereby, deploying SCEP to...